private AuthUserInformationModel BuildAuthUserInformationModel(DataTable userInfoTable)
{
// Get basic user information from the databases
AuthUserInformationModel userInfo = new AuthUserInformationModel();
userInfo.UserKey = userInfoTable.Rows[0]["User_Key"].ToString();
userInfo.OldUserKey = userInfoTable.Rows[0]["SecurityUser_Key"].ToString();
userInfo.Username = userInfoTable.Rows[0]["UserName"].ToString();
userInfo.FullName = userInfo.Username.Split('@')[0]; // TODO: This should be changed to use the real Full Name of the users
userInfo.RoleLookup = new Dictionary <string, int>();
// Lookup roles for this current user
SqlGenerator sqlGenLevels = new SqlGenerator(SqlGenerator.SqlTypes.Select, "UserRight", true);
sqlGenLevels.AddTable("SecurityObject", SqlGenerator.SqlJoins.Inner, "SecurityObject_Key");
sqlGenLevels.AddField("ObjectTitle", "SecurityObject");
sqlGenLevels.AddField("SecurityLevel", "UserRight");
sqlGenLevels.AddWhereParameter("UserRight", "SecurityUser_Key", userInfo.OldUserKey, SqlWhereComparison.SqlComparer.Equal);
// Loop through all of our role levels and assign them to our AuthUserInformationModel.RoleLookup dictionarys
using (SqlDataReader r = Adocls.FetchDataReader(sqlGenLevels, "UserDatabase"))
{
while (r.Read())
{
userInfo.RoleLookup.Add((string)r["ObjectTitle"], (byte)r["SecurityLevel"]);
}
}
return(userInfo);
}
/// <summary>
/// Starts a new session for the user by validating their username and password
/// credentials.
/// </summary>
public bool StartSession(string username, string password, out string token, out DateTime expiration)
{
SqlGenerator sqlGen = new SqlGenerator(SqlGenerator.SqlTypes.Select, "User");
sqlGen.AddField("*");
sqlGen.AddWhereParameter("User", "UserName", username, SqlWhereComparison.SqlComparer.Equal);
System.Data.DataTable dt = Adocls.FetchDataTable(sqlGen, modelDataBindings.DatabaseName);
if (dt.Rows.Count > 0)
{
if (dt.Rows[0]["HashPassword"].ToString() == CryptoHelper.ComputeHash(password, dt.Rows[0]["SALT"].ToString()))
{
string sessionKey = Guid.NewGuid().ToString("N");
DateTime sessionExpires = DateTime.Now.AddMinutes(C_SESSION_LIFESPAN);
SqlGenerator sqlGenUpdate = new SqlGenerator(SqlGenerator.SqlTypes.Update, "User");
sqlGenUpdate.AddField("AuthGUID", "User", sessionKey);
sqlGenUpdate.AddField("AuthDate", "User", sessionExpires);
sqlGenUpdate.AddWhereParameter("User", "User_Key", dt.Rows[0]["User_Key"].ToString(), SqlWhereComparison.SqlComparer.Equal);
Adocls.ExecuteSql(sqlGenUpdate, true, modelDataBindings.DatabaseName);
token = sessionKey;
expiration = sessionExpires;
return(true);
}
}
token = null;
expiration = DateTime.MinValue;
return(false);
}
public IList <ActivityDropDown> GetDropDownList(string pageName)
{
using (SecurityUserService securityUserService = new SecurityUserService())
{
SqlGenerator sqlgen = new SqlGenerator(SqlGenerator.SqlTypes.Sproc, "ActivityListUSP");
sqlgen.AddField("ReturnKey", "ActivityListUSP", 1);
sqlgen.AddField("UserKey", "ActivityListUSP", securityUserService.CurrentSecurityUser());
sqlgen.AddField("SecurityObjectTitle", "ActivityListUSP", pageName);
sqlgen.AddField("Active", "ActivityListUSP", 1);
return(ModelBase.LoadModel <ActivityDropDown>(sqlgen) as IList <ActivityDropDown>);
}
}
/// <summary>
/// Validate a session GUID string with the database to make sure a session exists
/// for this GUID.s
/// </summary>
public bool ValidateSessionKey(string sessionGuid)
{
SqlGenerator sqlGen = new SqlGenerator(SqlGenerator.SqlTypes.Select, "User");
sqlGen.AddField("User_Key");
sqlGen.AddWhereParameter("User", "AuthGUID", sessionGuid, SqlWhereComparison.SqlComparer.Equal);
return(Adocls.FetchValueString(sqlGen, "UserDatabase").ToString().Length > 0);
}
public string CurrentSecurityUser()
{
IrisWeb.SqlGenerator sqlgen = new SqlGenerator(SqlGenerator.SqlTypes.Select, "SecurityUser");
sqlgen.AddField("SecurityUser_Key");
sqlgen.AddField("UserName");
sqlgen.SelectStatementLimit = 1;
IList <SecurityUserDropDown> currentSecurityUser = (ModelBase.LoadModel <SecurityUserDropDown>(sqlgen) as IList <SecurityUserDropDown>);
if (currentSecurityUser == null || currentSecurityUser.Count == 0)
{
return("32000EDD73"); // Ginger
}
else
{
return(currentSecurityUser[0].SecurityUser_Key);
}
}
/// <summary>
/// Get AuthUserInformationModel using the session GUID string
/// </summary>
public AuthUserInformationModel GetAuthUserInformation(string sessionGuid)
{
try
{
SqlGenerator sqlGenUser = new SqlGenerator(SqlGenerator.SqlTypes.Select, "User");
sqlGenUser.AddField("*");
sqlGenUser.AddWhereParameter("User", "AuthGUID", sessionGuid, SqlWhereComparison.SqlComparer.Equal);
sqlGenUser.AddWhereParameter("User", "AuthDate", DateTime.Now, SqlWhereComparison.SqlComparer.GreaterThan | SqlWhereComparison.SqlComparer.Equal);
// TODO: Optimize this to use reader instead of data table
DataTable dt = Adocls.FetchDataTable(sqlGenUser, "UserDatabase");
return(BuildAuthUserInformationModel(dt));
}
catch { return(null); }
}
/// <summary>
/// Get AuthUserInformationmodel using the email and active state of the user account
/// </summary>
public AuthUserInformationModel GetAuthUserInformation(string email, bool activeFlag)
{
try
{
SqlGenerator sqlGen = new SqlGenerator(SqlGenerator.SqlTypes.Select, "User");
sqlGen.AddField("*");
sqlGen.AddWhereParameter("User", "UserName", email, SqlWhereComparison.SqlComparer.Equal);
sqlGen.AddWhereParameter("User", "Active", activeFlag.ToString(), SqlWhereComparison.SqlComparer.Equal);
// TODO: Should transition this to a data reader
DataTable dt = Adocls.FetchDataTable(sqlGen, "UserDatabase");
return(BuildAuthUserInformationModel(dt));
}
catch (Exception)
{
}
return(null);
}
public static SqlDataReader FetchDataReaderSproc2(string sprocName, string param1, string param2, string param3)
{
SqlGenerator gen = new SqlGenerator(SqlGenerator.SqlTypes.Sproc, sprocName);
//Determine which parameters where sent.
if (param1.Length > 0)
{
gen.AddField("PARAMETER", sprocName, param1);
}
if (param2.Length > 0)
{
gen.AddField("PARAMETER2", sprocName, param2);
}
if (param3.Length > 0)
{
gen.AddField("PARAMETER3", sprocName, param3);
}
return FetchDataReader(gen);
}
public static SqlDataReader FetchDataReaderSproc(string sprocName, string strParam1)
{
SqlGenerator gen = new SqlGenerator(SqlGenerator.SqlTypes.Sproc, sprocName);
//Determine if a param was sent.
if (strParam1.Length > 0)
{
gen.AddField("PARAMETER", sprocName, strParam1);
}
return FetchDataReader(gen);
}
